<?php
// +----------------------------------------------------------------------+
// | Author:  Evgeny Leontev <eleontev@gmail.com>                         |
// | Copyright (c) 2005 Evgeny Leontev                                    |
// +----------------------------------------------------------------------+
// | This source file is free software; you can redistribute it and/or    |
// | modify it under the terms of the GNU Lesser General Public           |
// | License as published by the Free Software Foundation; either         |
// | version 2.1 of the License, or (at your option) any later version.   |
// |                                                                      |
// | This source file is distributed in the hope that it will be useful,  |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of       |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
// | Lesser General Public License for more details.                      |
// +----------------------------------------------------------------------+

require_once 'eleontev/Auth/Auth.php';


class AuthMember extends Auth
{
	
	var $tables = array('table' => 'user');
	var $cookie_expire = '1 year';

	
	// return true or false
	function doAuth($username, $password, $remember = false) {
		
		$auth = false;
		
		if (!empty($username) && !empty($password)) {
			
			$sql = "SELECT u.id AS user_id, u.username, u.role_id,
			CONCAT(u.first_name, ' ', u.last_name) AS name
			FROM {$this->tbl->table} u
			WHERE u.username = ? 
			AND u.password = ?
			AND u.active = 1";
			
			$vars = array(mysql_escape_string($username), MD5($password));
			
			$sql = ($this->sql) ? $this->sql : $sql;
			$result =& $this->db->Execute($sql, $vars) or die(db_error($sql));
			$row =& $result->FetchRow();
			
			if ($result->RecordCount() == 1) { 
				$auth = true; 
				$this->authToSession('member_', $row['user_id'], $row['name'], $row['username'], $row['role_id']);
				if($remember) { $this->authToCookie($this->cookie_expire, $row['user_id']); }
			}
		}
		
		return $auth; 	
	}
	
	
	function doAuthByCookie() {
			
		$auth = false;
		$user_id = (int) $this->getCookie();
		
		if($user_id) {
		
			$sql = "SELECT u.id AS user_id, u.username,
			CONCAT(u.first_name, ' ', u.last_name) AS name
			FROM {$this->tbl->table} u
			WHERE u.id = $user_id
			AND u.active = 1";
			
			$result =& $this->db->Execute($sql) or die(db_error($sql));
			$row =& $result->FetchRow();
			
			if ($result->RecordCount() == 1) { 
				$auth = true; 
				$this->authToSession('member_', $row['user_id'], $row['name'], $row['username']);
			}	
		}
		
		if($auth == false) {
			$this->removeCookie();
		}
		
		return $auth;
	}
	
	
	function authToCookie($period = false, $user_id = false, $path = '/') {
		//setcookie ( string name [, string value [, int expire [, string path [, string domain [, int secure]]]]] )
		setcookie('member_[user_id]', $user_id, $this->getCookieTime($period), $path);
	}
	
	
	
	function getCookie() {
		return @$_COOKIE['member_']['user_id'];
	}
	
	
	function getUsername() {
		return @$_SESSION['member_']['username'];
	}
	
	
	function getUserId() {
		return @$_SESSION['member_']['user_id'];
	}
	
	
	function getUserRealName() {
		return @$_SESSION['member_']['realname'];
	}	

	
	function getRoleId() {
		return @$_SESSION['member_']['role_id'];
	}	
	
	
	function isAuth() {
	
		$ret = true;
		if(@$_SESSION['member_']['auth'] != md5(@$_SESSION['member_']['thua'] . @$_SESSION['member_']['username'] . Auth::getIP()) 
		   || @!$_SESSION['member_']['auth'] || @!$_SESSION['member_']['thua']){
		
			$ret = false; 
		}
		
		return $ret;
	}
	
	
	function logout() {
		unset($_SESSION['member_']);
	}
	
	
	// spentTime(session var[,time in minute]){
	// Unset all sessions if curent time > "time in minute"
	// if $how_long = false we not use it
	function spentTime($how_long = 0) {
		if($how_long && isset($_SESSION['member_']) && !AuthMember::getCookie()) {
			$exp_time = @$_SESSION['member_']['time_flag']+$how_long*60;
			$cur_time = time();
			
			if($cur_time < $exp_time){
				$_SESSION['member_']['time_flag'] = time();
			} else {
				$_SESSION['member_'] = array();
				unset($_SESSION['member_']);
			}
		}
	}
}
?>